Re: Password protecting Internal (Usenet, c.d.o.server)
Carl, Christianson wrote:
>
> In article <32EC37D6.6E1F_at_nightmare.com>, oracle says...
> >
> >R. Wayne Linton wrote:
> >>
> >> Carl, Christianson wrote:
> >> >
> >> > I am looking at password protecting the connect internal statement from svrmgrl.
> >> > I am running Oracle 7.3 in AIX 4.1.4. How does one go about this?
> >>
> >> Carl, have a look at the ORAPWD utility. This creates a password file
> >> for internal and sys (and other userids as you see fit). You can have
> >> one for each instance or you can share this one password file across
> >> several instances. You create this file via the ORAPWD utility. In vms
> >> you set up an executive level logical for it so the system can find it; I
> >> don't know about AIX.
> >>
> >> Look in your "ORACLE7 Server and Tools Administrator's Guide", chapter 2.
> >>
> >> --
> >> R. Wayne Linton, I.S.P.
> >> Database & Systems Management
> >> Shell Canada Ltd.
> >
> >You need to use a sql*net connection for this to work. If the user is
> >logged in under the "dba" group and not using TWO_TASK to connect it still will not
> >prompt for the internal password even if you use orapwd.
>
> Thanks for the input everyone but let me be a little more specific.
> I am not concerned with remote users connecting
> via SQL*Net, that avenue is protected.
> All that I am concerned about is that if someone can telnet to my server that
> they could execute svrmgr and then connect as internal. Is there a way to do
> this? Will the Orapwd facility handle this? I didn't think the documentation
> in the Administrator's Guide was clear.
> thanks
>
> Carl Christianson
Carl,
The 'connect internal' command is protected through the authority of the Unix 'dba' group. When you install Oracle, it asks for a group name (default is 'dba') and creates it on Unix, then adds the Unix 'oracle' userid to that group. Then you can personally add any Unix userids to the 'dba' group. Usually you will add the 'root' userid to that 'dba' group (for obvious reasons!). Of course you need root to do that.
From then on, only the Unix userids added to the 'dba' group will have the authority to do 'connect internal'... no one else.
Sylvie Bérubé
sberube_at_cam.org
Received on Thu Jan 30 1997 - 00:00:00 CST
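
Under the OS-group model described in the last reply, auditing who can 'connect internal' locally means listing every account in the 'dba' group, including accounts that have it only as their primary GID and so never appear in the group file's member list. The script below is an added example, not part of the original thread; `group_members` and `write_sample` are hypothetical names, the sample accounts are constructed, and it assumes standard colon-separated passwd and group files.

```shell
#!/bin/sh
# List every account that belongs to a group, either through the group
# file's member list or through a primary GID in the passwd file.
# usage: group_members GROUP [PASSWD_FILE] [GROUP_FILE]
group_members() {
    grp=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}
    awk -F: -v grp="$grp" '
        # First file (group): remember the GID and print listed members.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        # Second file (passwd): accounts whose primary GID is the group.
        gid != "" && $4 == gid { print $1 }
    ' "$group_file" "$passwd_file" | sort -u
}

# Constructed sample data: bob has dba as primary group only.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0::/:/bin/sh
oracle:x:200:300::/home/oracle:/bin/sh
alice:x:201:100::/home/alice:/bin/sh
bob:x:202:300::/home/bob:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
system:x:0:root
staff:x:100:alice
dba:x:300:oracle,root
EOF
}

# Demo run against the constructed files.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "Accounts able to 'connect internal' via group dba:"
group_members dba "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

Called with only the group name, the function reads /etc/passwd and /etc/group on the host being audited.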